<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<?php
header('Content-type:text/html;charset=utf-8');
session_start();
include_once("../class/mysqlclass.php");
//防注入
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
	$tle = trim($_POST['title']);
	$_SESSION['tle']=$tle;
	$ath = $_POST['author'];
	$_SESSION['ath']=$ath;
	$dsc = trim($_POST['description']);
	$_SESSION['dsc']=$dsc;
	$con = $_POST['content'];
	$_SESSION['con']=$con;
	$id=$_SESSION['id'];
    if (empty(Addslashes($tle))){
        echo "<script> alert('文章标题不能为空！');location.href='guanli.php?id=1';</script>";
		exit();
    }else {
        if (empty(Addslashes($ath))){
            echo "<script> alert('文章作者不能为空！');location.href='guanli.php?id=1';</script>";
            exit();
        }else{
            if (empty(Addslashes($dsc))){
                echo "<script> alert('文章简介不能为空！');location.href='guanli.php?id=1';</script>";
                exit();
            }else{
                if (empty(Addslashes($con))){
                    echo "<script> alert('文章内容不能为空！');location.href='guanli.php?id=1';</script>";
                    exit();
                }
            }
        }
    }   
}
$id=$_SESSION['id'];
$mysqli = new writing;
$mysqli = $mysqli -> Con();
$sql = "update `write` set title = '{$tle}' where id='{$id}'";
$res=$mysqli->query($sql);
$sql = "update `write` set author = '{$ath}' where id='{$id}'";
$res=$mysqli->query($sql);
$sql = "update `write` set description = '{$dsc}' where id='{$id}'";
$res=$mysqli->query($sql);
$sql = "update `write` set content = '{$con}' where id='{$id}'";
$res=$mysqli->query($sql);
$pdo=new my();
$time = $pdo->GetChinaTime();
$num = $pdo->NumAdd();
$sql = "update `write` set num = '{$num}' where id='{$id}'";
$res=$mysqli->query($sql);
$sql = "update `write` set time = '{$time}' where id='{$id}'";
$res=$mysqli->query($sql);
echo "<script>alert('修改成功！');location.href='guanli.php?id=1';</script>";
//清空草稿
$_SESSION['con']=NULL;
$_SESSION['tle']=NULL;
$_SESSION['dsc']=NULL;
?>
</body>
</html>